G Holland Ltd takes believes in the values of privacy and data protection. The use of this website and the services of G Holland Ltd is not possible without the provision of some personal data. If a data subject wishes to avail of certain services offered by the company, processing of further personal data could become necessary.
Personal data processing shall always be in line with the General Data Protection Regulation (GDPR) 2016/679 and in accordance with national legislation applicable to G Holland Ltd, including the Data Protection Acts 1988 – 2018. By means of this Privacy Notice, we would like to inform the public why we collect and process personal data and the rights of data subjects relating to the collection and processing of personal data.
Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Personal Data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data Subject: a natural person whose personal data is processed by a Controller or Processor.
Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third Party: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling: means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Consent: means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3. Name and Address of the Controller
The Controller is:
4. Name and Address of the Lead Supervisory Authority:
The Lead Supervisory Authority overseeing the Controller is:
5. Website Cookies
Delivering browsing session stability.
Operating the website shopping cart.
Used to distinguish users
Used to distinguish users
Used to throttle request rate.
Serving targeted advertisements.
To delete cookies, you can “Clear Browsing Data” in your browser or open an incognito session (Ctrl + Shift + N) to automatically delete cookies and other session data when you close your browser window.
7. Reasons/Purposes for Processing Information
The following is a broad description in the way G Holland Ltd processes personal data:
- To administer our website and provide online information;
- To deliver and administer education and training services provided to you;
- To respond to communications, queries, and request for information;
- To support and manage our employees;
- To comply with legal or regulatory obligations;
- To establish or defend legal claims.
This information may be collected directly (e.g. from information entered into forms or emails) or indirectly (e.g. information collected from our website such as IP addresses and operating system). We may also collect information from publicly available sources such as search engines, social media, public registers, etc.
This information may include:
- Personal details;
- Business activities of the person whose information we are processing;
- Goods and Services provided;
- Financial details;
- Education details;
- Employment details.
We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary, we are required to comply with the Data Protection Acts 1988 – 2018, the General Data Protection Regulation 2016/679, and other applicable Regulations.
The following is a brief description of the types of organisation we may need to share some of the personal information we process for one or more reasons:
- Financial organisations;
- Current, past or prospective employers;
- Educators and Awarding Bodies;
- Suppliers and Service providers.
Prior to any sharing of personal data, we conscientiously select and review these authorised third parties when possible and review their privacy and security policies.
8. Rights of the Data Subject
The General Data Protection Regulation 2016/679 provides EU data subjects with a wide range of rights. In order to assert these rights, the data subject may contact G Holland Ltd at any time.
- The Right to be Informed: the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed.
- The Right of Access: the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information.
- The Right to Rectification: The right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
- The Right to Erasure (a.k.a Right to be Forgotten): the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where appropriate grounds apply.
- The Right of Restriction of Processing: Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where appropriate grounds apply.
- The Right to Data Portability: Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format.
- The Right to Object: Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR.
- Rights in relation to automated decision making and profiling: Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.
9. Legal Basis for Processing
The legal basis for processing shall be:
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- Processing is necessary for compliance with a legal obligation to which the Controller is subject;
- Processing is necessary to protect the vital interests of the data subject or of another natural person;
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
- Processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
In circumstances where providing services as a processor, the company shall act in accordance with the written instructions of the respective Controller and process personal data provided to the extent required to administer the services required, in accordance with Article 28 of the GDPR.
10. The Legitimate Interests Pursued by the Controller or by a Third Party
Where processing of personal data is based on our legitimate interest, it is to carry out our business in favour of the well-being of our employees and the shareholders (for example, to administer our websites and to manage our relationship with you, to prevent fraud, or carry out marketing activities that we think will be of interest to you).
11. Security of Processing
As the Controller, G Holland Ltd has implemented appropriate technical and organisational measures to ensure personal data processed remains secure. For example, we work hard to ensure data is encrypted when in transit and securely stored using appropriate technological and organisational measures, and that access to this data will be strictly limited to a minimum number of individuals and subject to confidentiality commitments.
It may sometimes be necessary to transfer personal data overseas. When transfers are required, data may be transferred to selected countries or territories around the world. Any transfers made are subject to appropriate safeguards and in accordance with the requirements of the General Data Protection Regulation 2016/679 and applicable national legislation.
13. Retention of Personal Data
The criteria used to determine the retention period of personal data are the respective statutory retention periods within Ireland such as the relevant statute of limitations and legitimate interest. After the expiration of that period, personal data shall be securely deleted as long as it is there is no longer a lawful basis for its retention.
14. Data Protection for Employment & Recruitment Processes
Occasionally we receive employment information from prospective employees. This information may include the individual's CV, a cover letter, biographical information, contact details, photograph, and references. This information is shared with relevant staff internally until that individual becomes a candidate for employment.
The personal data of successful applicants will be processed in accordance with the employment contract of the new employee and retained in accordance with the retention requirements identified under law.
Following completion of the recruitment process, the personal data of unsuccessful candidates is securely erased provided there is no further lawful basis for its retention.
15. Third Party Website Services
On this website, the Controller has integrated components of third party services for the performance of the following functions:
Website Analytics (with anonymisation):
The operator of the service is Google Inc., whose registered address is 1600 Amphitheatre Parkway, Mountain View, CA, 94043, United State of America.
Further information and the applicable data protection provisions of the service can be founded by visiting: https://policies.google.com/privacy.
The operator of the service is Worldpay BV, whose registered address is Claude Debussylaan 16, 1082 Amsterdam, Netherlands.
Further information and the applicable data protection provisions of the service can be found by visiting: https://www.worldpay.com/uk/privacy-policy.
16. Changes to this Privacy Notice
This notice was last updated on 18th May 2018. We may change this notice by updating this page to reflect changes in the law or our data protection practices.